// Resolves the base address of a module inside the target process, using the
// lookup strategy selected by From.
//
// Returns the base address as a 32-bit value, 0 when the module was not found
// (or, for Mirroring, when the probed region is Free), and -1 when From is none
// of the three handled strategies. Callers have to treat 0 and -1 separately.
//
// NOTE(review): the Mirroring strategy ignores `name` and always probes
// "ws2_32.dll". It only checks that the region at that address in the target is
// not Free; nothing here verifies that the region actually belongs to the module.
// NOTE(review): the Toolhelp32Snapshot strategy lower-cases only the module's
// baseName, so `name` must already be lower case for a match.
Int32 GetModuleAddress(Process curproc, ProcessMemory curmem, string name)
{
    switch (From)
    {
        case GetModuleFrom.ProcessClass:
        {
            // Look the module up in the Process object's own module list.
            var entry = GetModule(curproc.Modules, name);
            return entry != null ? entry.BaseAddress.ToInt32() : 0;
        }

        case GetModuleFrom.Mirroring:
        {
            // Take the value ProcessMemory.GetModule reports (presumably the base
            // in this process - confirm) and ask the target whether that same
            // address is backed by anything.
            var localBase = ProcessMemory.GetModule("ws2_32.dll");
            var region = curmem.VirtualQuery(localBase);
            return region.State == ProcessMemory.MemoryState.Free ? 0 : localBase;
        }

        case GetModuleFrom.Toolhelp32Snapshot:
        {
            // Enumerate the target's modules and match on the lower-cased base name.
            var snapshot = curmem.GetModuleInfos();
            var hit = snapshot.FirstOrDefault(mi => mi.baseName.ToLowerInvariant() == name);
            return hit != null ? hit.baseOfDll.ToInt32() : 0;
        }

        default:
            // Unknown strategy.
            return -1;
    }
}
// Redirects ws2_32!connect inside the process referred to by CurrentProcess
// (32-bit only) by overwriting its first five bytes with a near jump to a stub
// copied from connectcc.
//
// Throws NotSupportedException for a 64-bit target, FileNotFoundException when
// ws2_32.dll is not found in the target, WarningException when the first byte is
// already 0xE9, and AccessViolationException when the first five bytes differ
// from safecheck.
//
// Security note: this is cross-process inline patching. What it leaves behind in
// the target is a region obtained from mem.Alloc holding the stub, plus a 5-byte
// change at the address resolved for "connect"; comparing that in-memory prologue
// with the on-disk image of ws2_32.dll exposes the modification.
// NOTE(review): GetModuleAddress can also return -1 (unhandled From value); only
// 0 is checked here, so -1 flows into the address arithmetic and the later reads
// - confirm whether that is intended.
void Inject()
{
    using (var target = new ProcessMemory(CurrentProcess.Id))
    using (var self = new ProcessMemory(Process.GetCurrentProcess().Id))
    {
        if (target.Is64Bit())
        {
            throw new NotSupportedException("lolclient is running in 64bit mode which is not supported");
        }

        // Private copy of the stub template; its last four bytes are filled in
        // below with a 32-bit displacement.
        var stub = new byte[connectcc.Length];
        connectcc.CopyTo(stub, 0);
        int dispSlot = stub.Length - 4;

        // Offset of "connect" from the module value, measured in this process.
        var localBase = ProcessMemory.GetModule("ws2_32.dll");
        Int32 exportOffset = self.GetAddress(localBase, "connect");
        exportOffset -= localBase;

        var remoteBase = GetModuleAddress(CurrentProcess, target, "ws2_32.dll");
        if (remoteBase == 0)
        {
            throw new FileNotFoundException("Lolclient has not yet loaded ws2_32.dll");
        }

        // The locally measured offset is applied to the target's base, so both
        // processes are assumed to map the same ws2_32.dll build - TODO confirm.
        Int32 hookSite = remoteBase + exportOffset;

        var prologue = target.Read(hookSite, 5);
        if (prologue[0] == 0xe9)
        {
            // 0xE9 is the x86 JMP rel32 opcode: treated as "already patched".
            throw new WarningException("Connect already redirected");
        }

        if (!prologue.SequenceEqual(safecheck))
        {
            // Unexpected prologue: refuse to patch and report 20 bytes for diagnosis.
            var dump = target.Read(hookSite, 20);
            throw new AccessViolationException(string.Format("Connect has unknown bytes [{0},{1}]", Convert.ToBase64String(dump), From));
        }

        Int32 stubAddr = target.Alloc(connectcc.Length);
        Int32 resumeAt = hookSite + 5;

        // Displacement measured from the end of the stub to the first byte after
        // the patched region.
        BitConverter.GetBytes(resumeAt - (stubAddr + stub.Length)).CopyTo(stub, dispSlot);
        target.Write(stubAddr, stub);

        // JMP rel32 from the patched site to the stub.
        var patch = new byte[5];
        patch[0] = 0xE9;
        BitConverter.GetBytes(stubAddr - resumeAt).CopyTo(patch, 1);
        target.Write(hookSite, patch);
    }
}
// Looks up where a module is loaded in the target process. The strategy comes
// from From:
//   ProcessClass       - search curproc.Modules through GetModule.
//   Mirroring          - reuse the value of ProcessMemory.GetModule("ws2_32.dll")
//                        if the target's region at that address is not Free.
//   Toolhelp32Snapshot - search curmem.GetModuleInfos() by lower-cased baseName.
//
// Result: the base address truncated to Int32, 0 for "not found", -1 when From
// matches none of the strategies above.
//
// NOTE(review): Mirroring never reads `name`; the module is fixed to
// "ws2_32.dll", and a non-Free region is accepted without checking what is
// mapped there.
// NOTE(review): in the Toolhelp32Snapshot path `name` is compared as-is against
// the lower-cased baseName, so a mixed-case `name` never matches.
Int32 GetModuleAddress(Process curproc, ProcessMemory curmem, string name)
{
    if (From == GetModuleFrom.ProcessClass)
    {
        var found = GetModule(curproc.Modules, name);
        return found == null ? 0 : found.BaseAddress.ToInt32();
    }
    else if (From == GetModuleFrom.Mirroring)
    {
        var mirrored = ProcessMemory.GetModule("ws2_32.dll");
        var region = curmem.VirtualQuery(mirrored);
        if (region.State == ProcessMemory.MemoryState.Free)
        {
            // Nothing is mapped at that address in the target.
            return 0;
        }

        return mirrored;
    }
    else if (From == GetModuleFrom.Toolhelp32Snapshot)
    {
        var match = curmem.GetModuleInfos()
                          .FirstOrDefault(mi => mi.baseName.ToLowerInvariant() == name);
        return match == null ? 0 : match.baseOfDll.ToInt32();
    }
    else
    {
        // From holds a value this method does not handle.
        return -1;
    }
}
// Installs a 5-byte JMP rel32 at the address resolved for ws2_32.dll "connect"
// in the process behind CurrentProcess, pointing at a copy of connectcc written
// into memory obtained from mem.Alloc. 64-bit targets are rejected.
//
// Guards applied before any write:
//   - first byte already 0xE9          -> WarningException (already redirected)
//   - first five bytes != safecheck    -> AccessViolationException with a
//                                         Base64 dump of 20 bytes and From
//   - module base reported as 0        -> FileNotFoundException
//
// Security note: the observable effect in the target is a modified function
// prologue in a system DLL and an extra allocated region containing the stub.
// Integrity checks that compare loaded code against the file on disk will flag
// the prologue change.
// NOTE(review): a -1 result from GetModuleAddress (unhandled From) is not
// rejected here; only 0 is. Whether the region from Alloc is executable is not
// visible from this method.
void Inject()
{
    using (var mem = new ProcessMemory(CurrentProcess.Id))
    {
        using (var notemem = new ProcessMemory(Process.GetCurrentProcess().Id))
        {
            bool unsupportedTarget = mem.Is64Bit();
            if (unsupportedTarget)
            {
                throw new NotSupportedException("lolclient is running in 64bit mode which is not supported");
            }

            // Work on a copy so the connectcc template itself is never modified.
            var payload = new byte[connectcc.Length];
            connectcc.CopyTo(payload, 0);
            int tailSlot = payload.Length - 4;

            // Distance of "connect" from the module value, as seen by this process.
            var ownModule = ProcessMemory.GetModule("ws2_32.dll");
            Int32 delta = notemem.GetAddress(ownModule, "connect");
            delta -= ownModule;

            var targetModule = GetModuleAddress(CurrentProcess, mem, "ws2_32.dll");
            if (targetModule == 0)
            {
                throw new FileNotFoundException("Lolclient has not yet loaded ws2_32.dll");
            }

            // Same distance applied to the target's module base.
            Int32 site = targetModule + delta;

            var head = mem.Read(site, 5);
            if (head[0] == 0xe9)
            {
                throw new WarningException("Connect already redirected");
            }

            bool headIsExpected = head.SequenceEqual(safecheck);
            if (!headIsExpected)
            {
                head = mem.Read(site, 20);
                throw new AccessViolationException(string.Format("Connect has unknown bytes [{0},{1}]", Convert.ToBase64String(head), From));
            }

            Int32 region = mem.Alloc(connectcc.Length);

            // The last four bytes of the payload receive the displacement from
            // the end of the payload to the byte following the 5-byte patch.
            byte[] backDisp = BitConverter.GetBytes((site + 5) - (region + payload.Length));
            backDisp.CopyTo(payload, tailSlot);
            mem.Write(region, payload);

            // Opcode 0xE9 followed by the displacement from the end of the patch
            // to the payload.
            var redirect = new byte[5];
            redirect[0] = 0xE9;
            byte[] fwdDisp = BitConverter.GetBytes(region - (site + 5));
            fwdDisp.CopyTo(redirect, 1);
            mem.Write(site, redirect);
        }
    }
}